fca9da4b89e2afaa77f055546cd41408dc86afa0037d38d7e110a566ae2d691a

Sharing

Copy URL Twitter E-mail

General

Target

fca9da4b89e2afaa77f055546cd41408dc86afa0037d38d7e110a566ae2d691a
Size

873KB
MD5

441bf61e9946a5fbfe6b7b833dc3e0f2
SHA1

82098598ce597ca4fa8adbba7a5d8832770b7537
SHA256

fca9da4b89e2afaa77f055546cd41408dc86afa0037d38d7e110a566ae2d691a
SHA512

db6aa1b4a5fd82e73b14cb62b50682318b38560508d0132e69452c3d88da4acc5e97022268b1e00c2dc1208ac31ec7ff5f1d6279d46c5ddad499e21e3fd702ab
SSDEEP

12288:grHapHHQKMe2GQ+MRg+0T2+usb6y13qAUAAsLD7O0oaocm/6x/8p5XX0DI+2ostL:grMQNeFLWlb6qAUB0oaoc86mJ+2osy3O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fca9da4b89e2afaa77f055546cd41408dc86afa0037d38d7e110a566ae2d691a

Files

fca9da4b89e2afaa77f055546cd41408dc86afa0037d38d7e110a566ae2d691a
.exe windows x64

091c022f661c1db1ecf93f37840562e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetUserDefaultUILanguage
GetModuleFileNameW
GetLastError
GetNativeSystemInfo
CreateProcessW
FindClose
FindNextFileW
FindFirstFileW
WaitForSingleObject
GetEnvironmentVariableW
MultiByteToWideChar
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteW

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

vcruntime140

memset
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
__std_exception_copy
memmove
__C_specific_handler
memcpy

api-ms-win-crt-string-l1-1-0

strlen
wcslen
isdigit

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
_configure_narrow_argv
__p___argc
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_register_onexit_function
_crt_atexit
terminate
_initialize_onexit_table
_set_app_type
_exit
_invalid_parameter_noinfo_noreturn
_initterm
_c_exit
_get_initial_narrow_environment
_seh_filter_exe
exit
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_getcwd
__p__commode

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

091c022f661c1db1ecf93f37840562e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp140

version

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 512B - Virtual size: 96B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 96B